02-09-2022 12:21 PM
Hello,
I have over 1000 users and just this week some users (maybe 10) have not been able to connect to GlobalProtect from home. I worked out it's because their ROOTCA has expired under Manage Certificates on their laptop. It's been working for 2 years and every user seems to have different dates. As far as I know, the certificate server on the on-prem corporate network is supposed to update their certificate periodically. It must have done this at some stage. I am not getting much response from the server team who look after the certificate server, and I know the GlobalProtect users have routing and the relevant ports open to connect to the cert server.
When a user can't connect, he has to drive to the office and connect to the LAN. Then the server team issues him a renewed certificate. Then he can go home and connect in again with no problems.
How do I prove the Palo Alto is not the problem?
Thanks, Kevin
02-09-2022 07:56 PM
Ummm ... that actually sounds like a firewall problem to me. Short of something being very oddly configured in Group Policy, I can't see how this isn't an issue with communication between the GlobalProtect clients and your PKI hosts. Sadly you would need your server team to review Group Policy and the PKI server if you don't have access to either, but if it's working when a client is on-site it should be working over the GlobalProtect connection.
02-10-2022 03:38 AM
Thanks for the reply - I have got two users to go into site and the server team had to remote onto their laptop and do the following
Should this not be an automatic thing that happens once a year?